GovWifi, developed by GDS, is currently in public beta. This means we’re still testing and improving it. It’s only available in government organisations taking part in the public beta. Request to take part by emailing govwifi-support@digital.cabinet-office.gov.uk.

This guidance explains how to help your end users to connect to GovWifi. Follow this guide to configure managed end user devices for secure wifi access to:

the internet

corporate networks using a virtual private network (VPN)

This guidance is not intended to inform your organisation’s buying decisions. Government Digital Service (GDS) does not recommend specific products.

Meet GovWifi requirements

managed devices to automatically check that the correct certificate is presented by the network so users don’t connect to fake networks

WPA2-Enterprise (AES) encryption to ensure privacy

anonymous identity to encrypt usernames

You should automate this process by deploying profiles to managed devices. End users who set up their own devices must compare wireless certificates to the information they receive on sign up.

Deploy GovWifi profiles to managed devices remotely

You should deploy profiles to your managed devices for automatic certificate checking. Use mobile device management solutions across multiple platforms, or operating system specific mechanisms such as Windows Group Policy or Apple Profile Manager.

Get the XML profile for Windows

Copy and paste this XML file to a network location available to users. Devices with this profile installed will automatically check the certificate. The user just needs to enter their details once they have signed up to the service.

Default behaviour on operating systems

The table below shows the default behaviour when connecting to GovWifi on different operating systems.

Operating system

Default behaviour

wifi network verification

Windows XP, Windows 7 and Windows 8.0 (no profile configured)

The end user is presented with an error message: ‘Can’t connect to network’. To fix this, install the Windows profile and see behaviour below.

Not applicable

Windows (profile configured)

Prompts for credentials

This is defined in the Windows profile - the certificate name and certificate authority (CA) are checked automatically.

Windows 8.1 and 10

Presents thumbprint

The end user should compare the thumbprint with the details available during sign up. You can install a profile to automate certificate checking. Devices on a domain will need to add a backslash (\) before the username.

Apple OS X

Presents certificate

The user should compare the certificate name and CA with the details available during sign up.

Apple IOS

Presents certificate

The user should compare the certificate name and CA with the details available during sign up.

Blackberry

Depends on Blackberry Enterprise Server policy

Not applicable

Android versions previous to 7 (Nougat)

Prompts for credentials and CA certificate

The end user device doesn’t check the certificate unless one is installed. It doesn’t check the certificate name so is insecure. You can download the certificate.

Read connect to GovWifi for more information about manually connecting different operating systems

Provide support for GovWifi

You must provide technical support to users of the devices you manage, even if they are in a different building. You should provide a ‘best effort’ support service for unmanaged devices trying to connect to your wifi infrastructure.

Help us improve GOV.UK

Help us improve GOV.UK

To help us improve GOV.UK, we’d like to know more about your visit today. We’ll send you a link to a feedback form. It will take only 2 minutes to fill in. Don’t worry we won’t send you spam or share your email address with anyone.